DirXML License Auditing Tool 
Version 1.1 User’s Guide 


Overview 


The DirXML® License Auditing Tool (DLAT) enables you to determine the number of 
DirXML licenses being used in a given tree, as well as the number of licenses used for 
specific additional fee drivers. 


A DirXML license is counted for each object with any DirXML Driver association that 
has a valid association key and isn’t marked as disabled. Additional driver licenses are 
counted for any object that has one or more valid non-disabled associations to an 
additional fee driver. This concept is more thoroughly explained in the DLAT Output 
section of this document. 


The DLAT generates reports on demand or you can schedule audits to run at a later time. 
After an audit has been scheduled, the DLAT’s UI is locked to prevent tampering. It 
remains locked until after the audit completes. You can, however, unlock the UI by 
provided a password. 


The results of an audit can be saved to a file. In addition to DirXML licenses, DLAT 1.1 
provides the capability to count Novell® SecretStore® licenses and ProtoComm 
SecureLogin licenses as part of performing the audit. See the Sample Output section to 
see this information in a report. 


Installation 


When the DLAT is installed on a computer, the following files are copied: 


FILE LOCATION 
DLAT.EXE User-specified location 
DLATHLP.HTM User-specified location 
MFC42.DLL windows \system32 
MSVCRT.DLL windows \system32 
LDAPSDK.DLL windows \system32 
LDAPSLL.DLL windows \system32 
LDAPX.DLL windows \system32 


Registry keys are also added to allow the DLAT to record auditing parameters used 
against various servers audited from that machine. 


The DLAT contains an uninstall program that allows you to remove the software from 
your computer. 


Using The DirXML License Auditing Tool 
To run the DLAT, double-click DLAT.EXE. 


Figure 1: DLAT.EXE prior to starting an audit 
xi 
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Configuring DLAT Parameters 
In order to run an audit, you should use the following information as you 


configure the six required DLAT parameters. 


LDAP Server Name or IP Address 
This parameter specifies the LDAP server that DLAT connects to in 


order to audit the tree. The server may be specified by IP address or by 
DNS name. 


LDAP Search Base 
This parameter specifies the container in the tree where DLAT performs 


its audit. It must be a valid LDAP DN, for example ou=dirxml,o=provo, 
or it may be specified as <none>. Selecting <none> or blanking the field 
causes DLAT to perform the audit from the root of the tree. 


LDAP Port 
This parameter specifies the port where DLAT will try to locate LDAP 


services on the server specified. There are two default LDAP port values. 
Port 389 is the default port to access LDAP. Port 636 is the default port 
to access LDAP via a Secure Sockets Layer (SSL) connection. Note that 


the Novell® eDirectory™ LDAP server port values are configurable, so 
using the default values may not be valid. <none> may also be specified. 


User ID 
This parameter specifies the User ID that DLAT will use when 
connecting to the LDAP server. If you are connecting via SSL, this 
parameter must be specified. Be sure the User ID being used has access 
to all objects in the tree. It is legal to select <anonymous> for this value, 
although anonymous access may not have enough rights to see all the 
objects of interest to DLAT. 


User Password 
This is the password for the User ID specified above. If you have 
selected <anonymous> for the User ID, don’t enter a value here. 


Secure Connection 
If this box is checked, DLAT will use SSL to connect to the LDAP 
server. 


Note: DLAT uses a special feature of Novell’s LDAP SDK, which tells 
the LDAP SSL client that DLAT already trusts the LDAP server being 
used. In this case DLAT doesn’t need to be configured with a copy of the 
server’s certificate. Because of the context in which DLAT is used, this 
is a valid approach. This allows DLAT to use SSL without forcing the 
user to obtain a copy of the server’s certificate and configuring DLAT to 
trust it. 


LDAP Server Reconfiguration 
DLAT reads the LDAP Server and LDAP Group objects from eDirectory to 
verify that the server is configured to let DLAT audit the entire tree. DLAT 
checks to see that the LDAP server is configured to walk the tree to fill queries 
involving objects not held on the LDAP server, and also makes sure there are no 
limits to result sets or the amount of time a query can take to complete. If these 
values need to be changed, DLAT saves the existing values, and reconfigures and 
refreshes the LDAP server. When DLAT is done with the audit, it resets the 
previous values and refreshes the LDAP server. Note that DLAT can’t update the 
configuration or refresh the LDAP server without authenticating with enough 
rights to perform the update. 


Starting an Audit 
After the parameters have been entered, you can start an Audit by clicking Audit. 
As results are gathered from the LDAP server, the informational windows on the 
right side of the dialog box will be filled with data. This version of DLAT 
doesn’t support asynchronous operations on the LDAP server, so the UI will be 
non-functional during an audit. Some of the LDAP operations can be so time- 
intensive that the UI won’t update until the audit is complete, and they can 
appear to be hung. Do not kill the process. The audit will complete and you will 
regain control of the UI. 


Scheduling an Audit 
Auditing a customer’s installation can take a fairly long time, depending on the 
tree size. For a time frame reference, note the start and stop times in the sample 
output log file in the Sample Output section of this document. To schedule an 
Audit, click the Schedule button to display the Schedule Audit dialog. See Figure 
2. 


Figure 2: Schedule Audit 


Specify a start date and time. The password entered in the password field will 
become the key to unlock the DLAT’s UI. After filling in the dialog box, click 
OK to schedule the audit event and lock the UI to prevent tampering with the 
audit parameters or results. 


Figure 3 shows the DLAT in a locked state. If you want to unlock the UI prior to 
an audit ending or after an audit ends, press Unlock. The Unlock dialog will 
display (see Figure 4). Enter the lock password specified in the Schedule Audit 
dialog box to unlock the UI. If you unlock the UI prior to the scheduled audit, the 
audit will be unscheduled. 


Figure 3: DLAT's U/I locked for a scheduled audit 
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Figure 4: Unlock dialog box 
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Password: Cancel 


Jaudit scheduled for Friday, October 5, 2007 at 04:00 PM 


audit scheduled for Friday, October 5, 20 


Saving the Results of an Audit 
When an audit completes, the full audit report displays in the text window at the 
bottom of the DLAT dialog box (see Figure 5). If you want to save this report to 
disk, click Save. This will open a file save dialog box. Specify a location and 
filename to save, and the DLAT will create a text file with the report contents in 
the filename specified. 


Figure 5: DLAT displays the results of an Audit 
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DirXML License Auditing Tool v1.0 


Novell, Inc. Copyright 2001 


Audit started Friday, October 5, 2001 at 03:10 PM 


Parameter Summary: 
LDAP Server Name: 137.65.159.11 
LDAP Server Port: 636 
Search Base: [null] 
Connected as: cn=admin,o=novell 
Tree Name: SECRETSTORE 


Audit Results Summary: 
DLAT found 5 user objects 
DLAT found 2 SecretStore users >| 


DLAT Output 
The report file output from the DLAT is identical to the report displayed in the DLAT 
dialog box. It has the following structure: 

= Identification header indicating the file is from DLAT 
= Time stamp indicating when the audit started 

= Summary of the audit parameters used 

= Audit results summary 

= Object class summary 

= Driver associations summary 

=" Driver report 

= Time stamp indicating when the audit completed. 


The key results of the audit appear in the Audit Results Summary and the Driver 
Associations Summary. The Audit Results Summary includes a field indicating the 
number of objects with valid DirXML associations. This number indicates the number of 
DirXML base licenses being used in that tree. 


The Driver Associations Summary lists each driver type found in the tree, and indicates 
the number of objects associated to each type. In this case driver type indicates the 
product name for the driver. This release of DLAT recognizes the following drivers from 
Novell: 

= Active Directory 

" Delimited Text Driver 

= eDirectory eDirectory 

= Exchange 5.5 


" JDBC 
=" LDAP/Netscape 
= Notes 


= NT 4 Domains 
= PeopleSoft 

= Remote Driver 
=» SAP 


Any driver not found on that list will be represented as a <Custom> driver. The JDBC, 
PeopleSoft, and SAP drivers are additional-charge drivers. Therefore, the counts listed 
for each of these driver types in the Driver Associations Summary require special action 
because they need to be considered as additional driver licenses considered in assessing 
compliance. 


As Novell releases additional drivers, the DLAT will be updated to recognize and audit 
them accordingly. 


Remote Driver 
Starting with DirXML 1.1, Novell released a Remote Driver shim. The Remote Driver 
provides the ability to deploy a DirXML driver on a system other than one running 
eDirectory. Prior to this, all drivers ran on the servers running the DirXML engine. With 
the Remote Driver, a DirXML driver can run on a separate server, lightening the CPU 
load for the eDirectory server. 


DLAT does not have a way of discovering what DirXML driver an instance of the 
Remote Driver is bound to. To determine which driver an instance of the Remote Driver 
is talking to, do the following: 


1. Using ConsoleOne, locate the driver object referenced by the DN listed in the 
DLAT’s output. 

2. Right-click the object and select Properties. 

3. Select the Authentication tab. 

4. Inthe Remote Loader Connection parameters field, note the IP address following the 
hostname= tag. 

5. Locate the physical machine using this IP address. 

6. Find the configuration file for the Remote Driver instance you are interested in and 
check the class or module parameter. 


It is also possible, although unlikely, that the module or class path is specified on the 
command line for the driver. In this case, look in the registry for the service entry. 
The key is HREY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services, and 
the name will be DirxMLRemote n where n is the command port number. Look at 
the command line value. 


The following table displays the driver names and their class or module names: 


Driver Name 


Module or class name 


DirXML Driver for Active | Addriver.dll 

Directory 

DirXML Driver for com.novell.nds.dirxml.driver.delimitedtext.delimitedtextdr 
Delimited Text iver 

DirXML Driver for Exdriver.dll 

Exchange 

DirXML Driver for ExchangeS55shim.dll 

Exchange 

DirXML Driver for com.novell.nds.dirxml.driver.nds.drivershimimp1 
eDirectory 

DirXML Driver for JDBC | com.novell.nds.dirxml.driver.jdbc.jdbcdrivershim 
DirXML Driver for LDAP | com.novell.nds.dirxml.driver.ldap.ldapdrivershim 
DirXML Driver for com.novell.nds.dirxml.driver.netscape.netscapedrivershim 
Netscape 

DirXML Driver for Notes | com.novell.nds.dirxml.driver.notes.notesdrivershim 
R5 Driver 

DirXML Driver for NT 4 Ntdrivr.dll 

Domain 

NT 4 Domain Driver ntdomainshim.dll 

DirXML Driver for Npsshim.dll 

PeopleSoft Driver 

DirXML Driver for Nps8shim.dll 

PeopleSoft Driver v4 


Remote Driver 


com.novell.nds.dirxml.remote.driver.drivershimimpl 


Sample Output 
DirXML License Auditing Tool v1.0 
Novell, Inc. Copyright 2001 


Audit started Thursday, August 16, 2001 at 01:40 PM 


Parameter Summary: 
LDAP Server Name: 137.65.1.222 
LDAP Server Port: 636 
Search Base: (null) 
Connected as: cn=rmatheson, o=novell 
Tree Name: WORKFORCE1 


Audit Results Summary: 
DLAT found 8706 user objects 
DLAT found 1 SecretStore objects 
DLAT found 2 SecureLogin objects 
DLAT found 24 DirXML Drivers 
DLAT found 11824 associated objects 


Object Class Summary 
8703 associations to Object Class inetOrgPerson 
3121 associations to Object Class costCenter 


Driver Association Summary 
8699 associations to eDirectory Driver drivers 
8919 associations to Peoplesoft Driver drivers 
11080 associations to <Custom> drivers 
10858 associations to JDBC Driver drivers 


Driver: CN=NDSTONDS - SERVICES1,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 5799 
Disabled Associations: 4 


Driver: CN=TELECOM DRIVER, CN=TELECOM DRIVER SET,O=SERVICES 
Driver Name: <Custom> 
Driver Module: 
com.novell.nds.dirxml.driver.telecom.telecomdrivershim 
Processed Associations: 2455 
Disabled Associations: 1 


Driver: CN=NPSDRIVER, CN=PEOPLESOFT DRIVER, O=SERVICES 
Driver Name: Peoplesoft Driver 
Driver Module: psoftdrv.dll 
Processed Associations: 5798 
Disabled Associations: 2 


Driver: CN=NDSTONDS - SE-TREE,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 5766 
Disabled Associations: 3 


Driver: CN=NDSTONDS - PRV-NDS1,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 1091 
Disabled Associations: 10 


Driver: CN=NDSTONDS - SJF-NDS1,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 255 
Disabled Associations: 13 


Driver: CN=NDSTONDS - ORM-NDS1,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 1021 
Disabled Associations: 4 


Driver: CN=NDSTONDS - CPL-DSMASTER, CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 1058 
Disabled Associations: 3 


Driver: CN=NDSTONDS - SYD-DSMASTER, CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 279 
Disabled Associations: 0 


Driver: CN=NDSTONDS - TOK-DSMASTER, CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 108 
Disabled Associations: 0 


Driver: CN=NDSTONDS - AFO-NDS1,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 712 
Disabled Associations: 1 


Driver: CN=NDSTONDS - PRV-NDS6,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 47 
Disabled Associations: 0 


Driver: CN=VANTIVE DRIVER, CN=TELECOM DRIVER SET,O=SERVICES 
Driver Name: <Custom> 
Driver Module: 
com.novell.nds.dirxml.driver.jdbc2.jdbcdrivershim 
Processed Associations: 11007 
Disabled Associations: 0 


Driver: CN=NPSCOSTCENTERDRIVER, CN=BIG EWORKS 
PSCOSTCENTER, O=SERVICES 

Driver Name: Peoplesoft Driver 

Driver Module: psoftdrv.dll 

Processed Associations: 3121 

Disabled Associations: 0 


Driver: CN=EPISUITE DRIVER, CN=TELECOM DRIVER SET, O=SERVICES 
Driver Name: <Custom> 
Driver Module: 
com.novell.nds.dirxml.driver.jdbc2.jdbcdrivershim 
Processed Associations: 7261 
Disabled Associations: 0 


Driver: CN=EWORK COSTCENTER DRIVER, CN=BIG EWORKS 
PSCOSTCENTER, O=SERVICES 

Driver Name: JDBC Driver 

Driver Module: 
com.novell.nds.dirxml.driver.jdbc.jdbcdrivershim 

Processed Associations: 3121 

Disabled Associations: 0 


Driver: CN=NDSTONDS - PRV-NDS2,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 389 
Disabled Associations: 1 


Driver: CN=EWORK USER DRIVER, CN=BIG EWORKS 
PSCOSTCENTER, O=SERVICES 

Driver Name: JDBC Driver 

Driver Module: 
com.novell.nds.dirxml.driver.jdbc.jdbcdrivershim 

Processed Associations: 7687 

Disabled Associations: 0 


Driver: CN=BIG USERS DRIVER, CN=BIG EWORKS PSCOSTCENTER, O=SERVICES 
Driver Name: JDBC Driver 
Driver Module: 
com.novell.nds.dirxml.driver.jdbc.jdbcdrivershim 
Processed Associations: 5784 
Disabled Associations: 0 


Driver: CN=GENDRIVER, CN=NDS DRIVERS, O=SERVICES 
Driver Name: <Custom> 
Driver Module: 
com.novell.nds.dirxml.driver.zds.genericdrivershim 
Processed Associations: 4116 
Disabled Associations: 0 


Driver: CN=NDSTONDS - SERVICES2,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 8689 
Disabled Associations: 3 


Driver: CN=NDSTONDS - BLR-DSMASTER, CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 316 
Disabled Associations: 0 


Driver: CN=WSE - SECURITY, CN=TELECOM DRIVER SET,O=SERVICES 
Driver Name: <Custom> 
Driver Module: 
com.novell.nds.dirxml.driver.wsejdbc.wsedrivershim 
Processed Associations: 5793 
Disabled Associations: 0 


Driver: CN=NDSTONDS - PRV-NDS4,CN=NDS DRIVERS, O=SERVICES 
Driver Name: eDirectory Driver 
Driver Module: 
com.novell.nds.dirxml.driver.nds.drivershimimpl 
Processed Associations: 2882 
Disabled Associations: 0 


Audit completed Thursday, August 16, 2001 at 01:41 PM 
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Audit started Friday, August 17, 2001 at 02:16 PM 


Parameter Summary: 
LDAP Server Name: 137.65.132.13 
LDAP Server Port: 636 
Search Base: o=wazzup_labs 
Connected as: cn=admin, o=wazzup_labs 
Tree Name: DIRXML-DS 


Audit Results Summary: 
DLAT found 22 user objects 
DLAT found 1 SecretStore objects 
DLAT found 2 SecureLogin objects 
DLAT found 2 DirXML Drivers 
DLAT found 19 associated objects 
Object Class Summary 
19 associations to Object Class inetOrgPerson 


Driver Association Summary 
7 associations to Remote Driver drivers 
12 associations to Notes R5 Driver drivers 


Driver: CN=NOTES, CN=DRIVERSET, O=WAZZUP_LABS 
Driver Name: Notes R5 Driver 
Driver Module: 
com.novell.nds.dirxml.driver.notes.notesdrivershim 
Processed Associations: 12 
Disabled Associations: 1 


Driver: CN=NOTESREMOTE, CN=DRIVERSET, O=WAZZUP_LABS 
Driver Name: Remote Driver 
Driver Module: 
com.novell.nds.dirxml.remote.driver.drivershimimpl 
Processed Associations: 7 
Disabled Associations: 1 


Audit completed Friday, August 17, 2001 at 02:16 PM 


